The log of the avc ist completely empty (dmesg). I don't get any errors. The bug is not reproduceable. The only thing what I can do is to disable selinux (echo 0 > /selinux/enforce) then get the mails and lock selinux (echo 1 > /selinux/enforce). This behaviour sounds to me a little bit strange, because I can't get the mails in every try when selinux is in enforcing mode. But when I switch of the selinux I can get the mails without any problems. And the avc is still empty. I searched for dontaudits in the policy but didn't find any suitable. I'm using only the courier-imapd-ssl feature. Are there any problems known?

Stefan SF wrote: > Hi, > > if I try to get my email through fetchmail, I often get an error. From > three times only one is successful. I'm using > net-mail/courier-imap-4.0.1 > and the latest courier-policy from the hp of kaiowas. > > /var/log/mail.log: > Mar 20 15:18:59 X imapd-ssl: couriertls: accept: error:140B544E:SSL > routines:SSL_GET_NEW_SESSION:ssl session id callback failed > Mar 20 15:26:05 X imapd-ssl: couriertls: accept: error:140B544E:SSL > routines:SSL_GET_NEW_SESSION:ssl session id callback failed > > and fetchmail displays: > fetchmail: 6.2.5 querying mail.X.net (protocol IMAP) at Sun Mar > 20 15:27:44 2005: poll started > fetchmail: SSL connection failed. > fetchmail: 6.2.5 querying mail.X.net (protocol IMAP) at Sun Mar > 20 15:27:45 2005: poll completed > fetchmail: Query status=3 (AUTHFAIL) > fetchmail: normal termination, status 3 > > The log of the avc ist completely empty (dmesg). I don't get any errors. > The bug is not reproduceable. The only thing what I can do is to disable > selinux (echo 0 > /selinux/enforce) then get the mails and lock selinux > (echo 1 > /selinux/enforce). > This behaviour sounds to me a little bit strange, because I can't get > the mails in every try when selinux is in enforcing mode. But when I > switch of the selinux I can get the mails without any problems. And the > avc is still empty. I searched for dontaudits in the policy but didn't > find any suitable. > I'm using only the courier-imapd-ssl feature. Are there any problems > known?

none I'm aware of. I do use 4.0.1 courier-pop3-ssl and courier-imapd-ssl on 2 boxes without any problems.

I'm not sure if this is how you tried to fix it, but just to make sure, here goes: echo 1 > /selinux/enforce dmesg -c make -C /etc/security/selinux/src/policy enableaudit make -C /etc/security/selinux/src/policy load

if there is no clear denial you can point your finger to then your problem might be of another nature.